Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:WORD-GLOBAL-INDEX |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Word Global Array Index Heap Overflow |
Release Date |
2010/10/19 |
Update Number |
1794 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Word Global Array Index Heap Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft Word products. It is due to an index error when processing DOC document that contains a crafted TextFlow record. A remote attacker can exploit this by enticing the target user to open a crafted DOC file. A successful attack can lead to arbitrary code execution within the security context of the currently logged on user. The behavior of the target depends on the intention of the attacker. Any code injected is executed within the security context of the currently logged in user. In an unsuccessful code execution attack, the affected product terminates resulting in the loss of any unsaved data from the current session.
Extended Description
Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.
Affected Products
- Microsoft office_2004_for_mac
- Microsoft office_2008_for_mac
- Microsoft office_compatibility_pack_2007 SP1
- Microsoft office_compatibility_pack_2007
- Microsoft office_word_2007
- Microsoft word_2000 SP3
- Microsoft word_2002 SP3
- Microsoft word_2003 SP2
- Microsoft word_2003 SP3
- Microsoft word_2007 SP1
- Microsoft word_2007
- Microsoft word_viewer
- Microsoft word_viewer_2003 SP3
References
- BugTraq: 32583
- CVE: CVE-2008-4026